Solution for the problem is provided below, please
comment if any doubts:
I) Answer: Weak collision resistance
Explanation:
- The processing of password is requires the weak collision
resistance as necessary feature for password security.
- The password is stored in the form of its hash function result
in the password storage, not as the original password itself. So
while we enter the password in some other time to login using the
password again compute the secure hash function and check for the
equality.
- The weak collision resistance is one in which for a given “s”,
it is possible to find “t” such that Hash(s)=Hash(t).
- The strong collision check for two arbitrary values, so it not
requires much for password security.
- All the secure hash function should be one way, it doesn’t have
much impact with password security.
II) Password dictionary
- It is a database stores the password that guessed by password
hacking tools on various servers.
It can be used to improve the security,
since:
- The password that can be guessed by hacking tools can be
avoided by using the password dictionary.
- While we set the password, if the password in the password
dictionary came, them alert the user to choose another password for
better security.
III)
Limiting the password age, because:
- The same password used over a long time is surely a risk, a
compromised password system. Or long attempting password break can
be happen, to avoid this a limiting password age is used.
The maximum age: The maximum age should be set
for passwords to avoid the possible password hack. A long live
password means the attacker will get that much time to hack the
password. The attacker should not get much time, so the password
should be set with a maximum age.
The minimum age: It is to avoid the usage of
previously used password by the user after a mandatory password
change. The users normally likes to stay with their one password
without much worry about the security. But this should be avoid, so
one password should not changed instantly after it set.